F5 sending TCP resets to Client during Client-F5 SSL Handshake

Question

We have two clients trying to reach the same https URL which is a Virtual Server hosted on the F5 LTM. &nbsp;
Connection from one client to the destination server is complete through the F5.&nbsp;
However when the second client initiates a SSL communication to the LTM, the LTM responds with a TCP reset.&nbsp;
Cipher used is DEFAULT on the F5  
&nbsp;
When we took a SSL Dump we could see the below :&nbsp;
Working Client &nbsp;
C&gt;SV3.3(241)  Handshake  &nbsp;
 ClientHello  &nbsp;
        Version 3.3   &nbsp;
S&gt;CV3.1(74)  Handshake  &nbsp;
      ServerHello  &nbsp;
        Version 3.1     
&nbsp;
Non - Working Client &nbsp;
C&gt;SV3.3(267)  Handshake  &nbsp;
      ClientHello  &nbsp;
        Version 3.3   &nbsp;
S&gt;C  TCP RST     
&nbsp;
Need help to understand why one client is unable to connect when another connects on same F5 Virtual Server successfully.&nbsp;

nathe · Answer

Aditya,&nbsp;
What I can tell from the limited ssldump trace is both clients support tls1.2 (3.3) but the bigip downgrades to tls1.0 (3.1). I suspect the non working client doesn't support tls1.0.&nbsp;
This could be the version of the browser being used perhaps?&nbsp;
N&nbsp;

Forum Discussion

F5 sending TCP resets to Client during Client-F5 SSL Handshake

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Overview of Trusted Client IP Headers in F5 Distributed Cloud Platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS